Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution

advisory on Thursday that various applications use that format). Adversaries could also trigger an exploit with a weaponized web page, according to ZDI – although 0patch co-founder Mitja Kolsec said via Twitter he had trouble getting that to execute.

The vulnerability exists in Windows 7 (ZDI has issued proof-of-concept code for the bug), but it said that it believes that “all supported Windows version are impacted by this bug, including server editions.”

Microsoft patched two other issues in JET in the September Patch Tuesday updates, both of them listed as buffer overflows. For its part, the vendor has acknowledged the zero-day (first reported to Microsoft in May by Lucas Leong of Trend Micro Security Research) and said that it is working on a patch. In the meantime, 0patch promised that a micropatch for Windows 7 is forthcoming.

Other than that, businesses using JET should work on employee awareness and caution them not to open files from untrusted sources.

Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras

Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug.

ThreatList: Microsoft Macros Remain Top Vector for Malware Delivery

The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution.

Apple Yet to Patch Safari Browser Address Bar Spoofing Flaw

A flaw in Safari – that allows an attacker to spoof websites and trick victims into handing over their credentials – has yet to be patched.

Join thousands of people who receive the latest breaking cybersecurity news every day.